- (dtucker) [authfile.c] Fall back to 3DES for the encryption of private

keys when built with OpenSSL versions that don't do AES.
author: Darren Tucker <dtucker@zip.com.au> 2009-11-07 16:03:14 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2009-11-07 16:03:14 +1100
commit: df6578bb4df17210f792c3bc98a72bed473e7e11 (patch)
tree: 7fb3b57ea303273dbd6adab903e566de67fab54e
parent: e89ed1cfcae65705b48d3741873d8ab1f76a6cf7 (diff)
2 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 1bdeea275..9a17b25ae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20091107
+ - (dtucker) [authfile.c] Fall back to 3DES for the encryption of private
+    keys when built with OpenSSL versions that don't do AES.
 20091105
 - (dtucker) [authfile.c] Add OpenSSL compat header so this still builds with
   older versions of OpenSSL.
diff --git a/authfile.c b/authfile.c
index fc12c00c7..3fbe11b0e 100644
--- a/authfile.c
+++ b/authfile.c
@@ -187,7 +187,11 @@ key_save_private_pem(Key *key, const char *filename, const char *_passphrase,
        int success = 0;
        int len = strlen(_passphrase);
        u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL;
+#if (OPENSSL_VERSION_NUMBER < 0x00907000L)
+        const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
+#else
        const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;
+#endif
        if (len > 0 && len <= 4) {
                error("passphrase too short: have %d bytes, need > 4", len);
author	Darren Tucker <dtucker@zip.com.au>	2009-11-07 16:03:14 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2009-11-07 16:03:14 +1100
commit	df6578bb4df17210f792c3bc98a72bed473e7e11 (patch)
tree	7fb3b57ea303273dbd6adab903e566de67fab54e
parent	e89ed1cfcae65705b48d3741873d8ab1f76a6cf7 (diff)